But if you are trying to limit their access to only a specific SECTION of the Settings module you may have to instead create a custom UI Page and put in the logic to update it via api (Give them a textbox and a button, when they click the button it takes the value of the text box and updates the actual setting through Kentico's API).

This is how Kentico would probably recommend. Then you can assign permission to your custom UI page in your module through the Roles system.